LinuxQuestions.org
Old 01-22-2003, 11:54 PM   #1
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Rep: Reputation: 30
How do you make the ip masquerade server/dhcp server broadcast dns to lan


I am moving my ip masq server from Linux Mandrake 9 to Redhat 8. In LM9 there is a gui configuration for connection sharing so that was pretty easy. I have to do it manually with RH8. So far I have configured dial on demand and a dhcp server on RH8. I have a laptop that connects wirelessly to either the LM9 ip masq machine or the RH8 ip masq machine. The problem is, my laptop cannot resolve the url address if the IP masq machine is Redhat 8. It can resolve the url address if I edit the laptop's /etc/resolv.conf to add my ISP's primary and secondary dns, but this is only good until the laptop renews its ip via dhcp, at which point the /etc/resolv.conf gets overwritten and simply points to nameserver 192.168.1.1. If I use the LM9 machine, the laptop can connect to the internet even if the contents of the laptop's /etc/resolv.conf is just nameserver 192.168.1.1. This leads me to believe that the LM9 machine is somehow broadcasting the dns address to the laptop, but I don't know how to duplicate this in Redhat 8. Can anybody help?
Also I am looking for a good firewall script that will work with dial on demand. The first one I tried from linuxguruz only works if I start the script after I have started an internet connection. This is so because if I start it during boot up it will detect my temporary IP and configure itself with that (the temporary ip gets changed by dial on demand when it actually establishes a connection and so the firewall fails to let me connect to any url). Any recommendation on a good firewall script to work with dial on demand? In addition I need the ip masq machine to allow nfs and samba and dhcp server (to the lan only of course) and block everything else. I would appreciate any pointers. Thanks again.
 
Old 01-22-2003, 11:56 PM   #2
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Original Poster
Rep: Reputation: 30
The firewall script will have to do ip masq as well of course. Thanks.
 
Old 01-23-2003, 04:07 AM   #3
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Have a look here for the tutorial with scripts at the end.

Your only real problem is masquerading, & when to pick up the new ip number.
This can be made separate from the basic ruleset. You only need to reference the new number for the masquerading rule in the nat POSTROUTING chain, and also in the nat PREROUTING chain if you have separate rp_filter rules rather than the /proc/sys/net/conf/*/ built in rp_filter.
All that means that you can load your rules on boot and only make masquerade changes after the dialling is completed.

dhcp servers can also deliver gateway and dns settings to clients when they request an ip number. If you have a dns caching server on the RH8 box, you can leave the supplied dns number as the RH box rather than the external dns servers, letting the RH box's dns caching server talk to the outside world...

eg dnrd

Last edited by peter_robb; 01-23-2003 at 04:09 AM.
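
One way to implement the split described in the post above, as an added example that is not part of the thread: the boot-time rules create an empty nat chain, and a pppd ip-up hook fills it once dialling has produced the real address. The chain name `dialup-nat` and the choice of an SNAT rule carrying the negotiated address are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# nothing is applied unless the output is piped to sh as root.

NAT_CHAIN="dialup-nat"   # hypothetical chain name chosen for this example

# Boot time: static part of the ruleset. Creates an empty chain and hooks it
# into nat POSTROUTING once; it never mentions the dial-up address.
nat_boot_cmds() {
    printf 'iptables -t nat -N %s\n' "$NAT_CHAIN"
    printf 'iptables -t nat -A POSTROUTING -j %s\n' "$NAT_CHAIN"
}

# Accept only a dotted quad with four octets in 0..255, so nothing else
# can reach the generated command line.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# After dialling: replace only the address-dependent rule.
# $1 = ppp interface, $2 = local IP that pppd negotiated.
nat_refresh_cmds() {
    case $1 in
        ppp[0-9]|ppp[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    valid_ipv4 "$2" || return 1
    printf 'iptables -t nat -F %s\n' "$NAT_CHAIN"
    printf 'iptables -t nat -A %s -o %s -j SNAT --to-source %s\n' \
        "$NAT_CHAIN" "$1" "$2"
}

# As a pppd ip-up hook: pppd passes the interface as $1 and the local IP as $4.
if [ $# -ge 4 ]; then
    nat_refresh_cmds "$1" "$4"
fi
```

Review the printed commands, then pipe them to `sh` as root to apply them.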
 
Old 01-23-2003, 05:22 PM   #4
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Original Poster
Rep: Reputation: 30
I installed shorewall and my dial on demand and shorewall firewall worked together very well. How do you start a dns caching server on Redhat 8? Thanks.
 
Old 01-23-2003, 08:35 PM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Install dnrd

It has a good man page and docs with it.
 
Old 01-25-2003, 01:41 PM   #6
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Original Poster
Rep: Reputation: 30
Thanks for the ideas. I stumbled upon an easier solution while viewing my dhcpd.conf file. There is the option domain-name-servers which is set to 192.168.1.1. I simply added my ISP's dns ip to this. Each time the client machine renews its lease, the client /etc/resolv.conf now contains the ISP's dns numbers as well as 192.168.1.1. It's not the LM9 solution but it's working. My Linux clients and windows client now have ip masquerading behind a shorewall firewall. In the future I will read up on Redhat 8 dns. I think I need to run named.conf but I don't know how to configure that yet. I will move on to opening the linux server's ports for nfs, mysql, smb, ssh and other projects. Thanks again.
 
Old 01-25-2003, 11:43 PM   #7
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
You will only need to run a full dns server if you reference internal servers in your network,
otherwise the dns caching server is much less trouble and faster...
 
  


All times are GMT -5. The time now is 01:51 PM.
